head/multimedia/mythtv/files/patch-CVE-2017-05024
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
From ed2572b9c8f885e2a4764d2e34604442a71899a1 Mon Sep 17 00:00:00 2001
From: Matt Wolenetz <wolenetz@google.com>
Date: Wed, 14 Dec 2016 15:26:19 -0800
Subject: [PATCH] lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid
Core of patch is from paul@paulmehta.com
Reference https://crbug.com/643951
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Check value reduced as the code does not support values beyond INT_MAX
Also the check is moved to a more common place and before integer truncation
(cherry picked from commit 2d453188c2303da641dafb048dc1806790526dfd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git libavformat/mov.c libavformat/mov.c | |||||
index 17d0475aae1..74b58255784 100644 | |||||
--- external/FFmpeg/libavformat/mov.c | |||||
+++ external/FFmpeg/libavformat/mov.c | |||||
@@ -4436,7 +4436,7 @@ static int mov_read_uuid(MOVContext *c, AVIOContext *pb, MOVAtom atom) | |||||
0x9c, 0x71, 0x99, 0x94, 0x91, 0xe3, 0xaf, 0xac | |||||
}; | |||||
- if (atom.size < sizeof(uuid) || atom.size == INT64_MAX) | |||||
+ if (atom.size < sizeof(uuid) || atom.size >= FFMIN(INT_MAX, SIZE_MAX)) | |||||
return AVERROR_INVALIDDATA; | |||||
ret = avio_read(pb, uuid, sizeof(uuid)); |
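Review bot: the new bound in `atom.size >= FFMIN(INT_MAX, SIZE_MAX)` mixes a signed size (the removed line compared it against `INT64_MAX`) with unsigned `size_t` operands, both here and in the unchanged `atom.size < sizeof(uuid)`, so which of the two tests rejects a negative `atom.size` depends on the width of `size_t` on the target. Where `size_t` is 64-bit, a negative value is converted to a large unsigned number, passes the lower-bound test and is only caught by the new upper bound. Where `size_t` is 32-bit, the comparison stays signed and the lower-bound test catches it. The result is correct on both, but the condition would be easier to audit with an explicit `atom.size < 0` test or explicit casts. A one-line comment above the condition should also record why the limit is `INT_MAX`, since the commit message gives the reason ("the code does not support values beyond INT_MAX") but the code does not. The commit message also says the check runs "before integer truncation", yet the truncating use of the size is not visible in this hunk, so confirm against the full function that nothing between this check and the allocation can bring the wrap back.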